author | laforge <laforge> | 2000-08-10 11:45:49 +0000 |
---|---|---|
committer | laforge <laforge> | 2000-08-10 11:45:49 +0000 |
commit | de923c5f36f5244e888b616de42b6a1cbf045372 (patch) | |
tree | 040fd9216087374470af2f6345d8922084b4623c /plain-2.4.0-to-ulog2.diff | |
parent | ec20233e75f69011f41c58a2edcbcd29be484768 (diff) |
Initial revision
Diffstat (limited to 'plain-2.4.0-to-ulog2.diff')
-rw-r--r-- | plain-2.4.0-to-ulog2.diff | 263 |
1 files changed, 263 insertions, 0 deletions
diff --git a/plain-2.4.0-to-ulog2.diff b/plain-2.4.0-to-ulog2.diff
new file mode 100644
index 0000000..ab858ea
--- /dev/null
+++ b/plain-2.4.0-to-ulog2.diff
@@ -0,0 +1,263 @@
+diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help
+--- linux-2.4.0-test4-plain/Documentation/Configure.help Thu Jul 13 18:42:51 2000
++++ linux-2.4.0-test4-work/Documentation/Configure.help Mon Jul 31 17:23:30 2000
+@@ -2010,6 +2010,16 @@
+ If you want to compile it as a module, say M here and read
+ Documentation/modules.txt. If unsure, say `N'.
+
++ULOG target support
++CONFIG_IP_NF_TARGET_ULOG
++ This option adds a `ULOG' target, which allows you to create rules in
++ any iptables table. The packet is passed to a userspace logging
++ daemon using netlink multicast sockets; unlike the LOG target
++ which can only be viewed through syslog.
++
++ If you want to compile it as a module, say M here and read
++ Documentation/modules.txt. If unsure, say `N'.
++
+ ipchains (2.2-style) support
+ CONFIG_IP_NF_COMPAT_IPCHAINS
+ This option places ipchains (with masquerading and redirection
+diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h
+--- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h Thu Jan 1 01:00:00 1970
++++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Mon Jul 31 17:23:31 2000
+@@ -0,0 +1,29 @@
++#ifndef _IPT_ULOG_H
++#define _IPT_ULOG_H
++
++#define ULOG_MAC_LEN 80
++#define ULOG_PREFIX_LEN 32
++
++struct ipt_ulog_info
++{
++ unsigned int nl_group;
++ size_t copy_range;
++ char prefix[ULOG_PREFIX_LEN];
++};
++
++typedef struct ulog_packet_msg
++{
++ unsigned long mark;
++ long timestamp_sec;
++ long timestamp_usec;
++ unsigned int hook;
++ char indev_name[IFNAMSIZ];
++ char outdev_name[IFNAMSIZ];
++ size_t data_len;
++ char prefix[ULOG_PREFIX_LEN];
++ unsigned char mac_len;
++ unsigned char mac[ULOG_MAC_LEN];
++ unsigned char payload[0];
++} ulog_packet_msg_t;
++
++#endif /*_IPT_ULOG_H*/
+diff -Nru linux-2.4.0-test4-plain/include/linux/netlink.h linux-2.4.0-test4-work/include/linux/netlink.h
+--- linux-2.4.0-test4-plain/include/linux/netlink.h Fri Aug 28 04:33:08 1998
++++ linux-2.4.0-test4-work/include/linux/netlink.h Mon Jul 31 17:23:30 2000
+@@ -5,6 +5,7 @@
+ #define NETLINK_SKIP 1 /* Reserved for ENskip */
+ #define NETLINK_USERSOCK 2 /* Reserved for user mode socket protocols */
+ #define NETLINK_FIREWALL 3 /* Firewalling hook */
++#define NETLINK_NFLOG 4 /* Firewall logging */
+ #define NETLINK_ARPD 8
+ #define NETLINK_ROUTE6 11 /* af_inet6 route comm channel */
+ #define NETLINK_IP6_FW 13
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in Mon Jul 31 17:23:30 2000
+@@ -51,6 +51,7 @@
+ dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
+ fi
+ dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
++ dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
+ fi
+
+ # Backwards compatibility modules: only if you don't build in the others.
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile Mon Jul 31 17:23:30 2000
+@@ -197,6 +197,14 @@
+ endif
+ endif
+
++ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y)
++O_OBJS += ipt_ULOG.o
++else
++ ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m)
++ M_OBJS += ipt_ULOG.o
++ endif
++endif
++
+ ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y)
+ O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER)
+ else
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c Thu Jan 1 01:00:00 1970
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Mon Jul 31 17:23:31 2000
+@@ -0,0 +1,166 @@
++/*
++ * netfilter module for userspace packet logging daemons
++ *
++ * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de>
++ *
++ * Released under the terms of the GPL
++ *
++ * ipt_ULOG.c,v 1.4 2000/07/31 11:41:06 laforge Exp
++ */
++
++#include <linux/module.h>
++#include <linux/version.h>
++#include <linux/config.h>
++#include <linux/socket.h>
++#include <linux/skbuff.h>
++#include <linux/kernel.h>
++#include <linux/netlink.h>
++#include <linux/netdevice.h>
++#include <linux/mm.h>
++#include <linux/socket.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter_ipv4/ipt_ULOG.h>
++#include <net/sock.h>
++
++#define ULOG_NL_EVENT 111 /* Harald's favorite number */
++
++#if 0
++#define DEBUGP printk
++#else
++#define DEBUGP(format, args...)
++#endif
++
++static struct sock *nflognl;
++
++static void nflog_rcv(struct sock *sk, int len)
++{
++ printk("nflog_rcv: did receive netlink message ?!?\n");
++}
++
++static unsigned int ipt_ulog_target(struct sk_buff **pskb,
++ unsigned int hooknum,
++ const struct net_device *in,
++ const struct net_device *out,
++ const void *targinfo, void *userinfo)
++{
++ ulog_packet_msg_t *pm;
++ size_t size, copy_len;
++ struct sk_buff *nlskb;
++ unsigned char *old_tail;
++ struct nlmsghdr *nlh;
++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
++
++ /* calculate the size of the skb needed */
++ if ((loginfo->copy_range == 0) ||
++ (loginfo->copy_range > (*pskb)->len)) {
++ copy_len = (*pskb)->len;
++ } else {
++ copy_len = loginfo->copy_range;
++ }
++ size = NLMSG_SPACE(sizeof(*pm) + copy_len);
++ nlskb = alloc_skb(size, GFP_ATOMIC);
++ if (!nlskb)
++ goto nlmsg_failure;
++
++ old_tail = nlskb->tail;
++ nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh));
++ pm = NLMSG_DATA(nlh);
++
++ /* copy hook, prefix, timestamp, payload, etc. */
++
++ pm->data_len = copy_len;
++ pm->timestamp_sec = (*pskb)->stamp.tv_sec;
++ pm->timestamp_usec = (*pskb)->stamp.tv_usec;
++ pm->mark = (*pskb)->nfmark;
++ pm->hook = hooknum;
++ if (loginfo->prefix)
++ strcpy(pm->prefix, loginfo->prefix);
++
++ if (in && in->hard_header_len > 0
++ && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph
++ && in->hard_header_len <= ULOG_MAC_LEN) {
++ memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len);
++ pm->mac_len = in->hard_header_len;
++ }
++
++ if (in)
++ strcpy(pm->indev_name, in->name);
++ else
++ pm->indev_name[0] = '\0';
++
++ if (out)
++ strcpy(pm->outdev_name, out->name);
++ else
++ pm->outdev_name[0] = '\0';
++
++ if (copy_len)
++ memcpy(pm->payload, (*pskb)->data, copy_len);
++ nlh->nlmsg_len = nlskb->tail - old_tail;
++ NETLINK_CB(nlskb).dst_groups = loginfo->nl_group;
++ DEBUGP
++ ("ipt_ULOG: going to throw a packet to netlink groupmask %u\n",
++ loginfo->nl_group);
++ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group,
++ GFP_ATOMIC);
++
++ return IPT_CONTINUE;
++
++ nlmsg_failure:
++ if (nlskb)
++ kfree(nlskb);
++ printk("ipt_ULOG: Error building netlink message\n");
++ return IPT_CONTINUE;
++}
++
++static int ipt_ulog_checkentry(const char *tablename,
++ const struct ipt_entry *e,
++ void *targinfo,
++ unsigned int targinfosize,
++ unsigned int hookmask)
++{
++ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
++
++ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) {
++ DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize);
++ return 0;
++ }
++
++ if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
++ DEBUGP("ULOG: prefix term %i\n",
++ loginfo->prefix[sizeof(loginfo->prefix) - 1]);
++ return 0;
++ }
++
++ return 1;
++}
++
++static struct ipt_target ipt_ulog_reg =
++ { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
++THIS_MODULE
++};
++
++static int __init init(void)
++{
++ DEBUGP("ipt_ULOG: init module\n");
++ nflognl = netlink_kernel_create(NETLINK_NFLOG, nflog_rcv);
++ if (!nflognl)
++ return -ENOMEM;
++
++ if (ipt_register_target(&ipt_ulog_reg) != 0) {
++ sock_release(nflognl->socket);
++ return -EINVAL;
++ }
++
++ return 0;
++}
++
++static void __exit fini(void)
++{
++ DEBUGP("ipt_ULOG: cleanup_module\n");
++
++ ipt_unregister_target(&ipt_ulog_reg);
++ sock_release(nflognl->socket);
++}
++
++module_init(init);
++module_exit(fini); |
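Review bot: In `ipt_ulog_target()` the `ulog_packet_msg_t` written into the newly allocated skb is never cleared, so every byte the function does not set is sent to netlink listeners as uninitialised kernel memory: the tails of `prefix`, `indev_name` and `outdev_name` after each `strcpy`, any struct padding, and `mac`/`mac_len` whenever the MAC-header condition is false (userspace then also reads an undefined `mac_len`). Adding `memset(pm, 0, sizeof(*pm));` directly after `pm = NLMSG_DATA(nlh);` covers all of these. The `nlmsg_failure:` path releases the buffer with `kfree(nlskb)`, which is not the right release for an `sk_buff`; it should be `kfree_skb(nlskb);`. Two smaller points: `if (loginfo->prefix)` tests an array and is therefore always true, and `ipt_ulog_checkentry()` validates only the size and prefix terminator, so a comment stating what values of `nl_group` and `copy_range` are acceptable would help. The `long`/`size_t` fields that ipt_ULOG.h shares with userspace presumably change layout between 32- and 64-bit userland, which is worth confirming before the message format is relied on.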